WC Release Notes

Similar documents
Release Notes PK.1.34

HPE 3PAR OS MU2 Patch 53 Release Notes

Integrated Smart Update Tools for Windows and Linux User Guide

L Release Notes

Aruba 8400X Introduction to the Web UI for ArubaOS-CX 10.00

KB Release Notes

Hewlett Packard Enterprise. HPE OmniStack for vsphere Upgrade Guide

HPE FlexNetwork MSR Router Series

HPE StoreEver MSL6480 Tape Library CLI Utility Version 1.0 User Guide

HPE StoreVirtual 3200 Application Aware Snapshot Manager User Guide

10GbE Pass-Thru Module II for HPE BladeSystem c-class Enclosures User Guide

HP V1905 Switch Series Release Notes

S Release Notes

YA-YB Software Fix List

WB xxxx Software Fix List

HPE 3PAR OS GA Patch 20 Release Notes

HPE ArubaOS-Switch Advanced Traffic Management Guide for WB.16.03

Marvell BIOS Utility User Guide

HP Switch Software Management and Configuration Guide K/KA/KB.15.16

Gigabit Managed Ethernet Switch

Management and Configuration Guide YA/ YB.15.18

HPE ArubaOS-Switch Management and Configuration Guide for YA/ YB.16.02

HP 6125 Blade Switch Series

Management and Configuration Guide for WB.15.16

HPE VAN SDN Controller and Applications Support Matrix

HPE StoreVirtual OS Update Guide

HPE Synergy 40Gb F8 Switch Module

ArubaOS-Switch Management and Configuration Guide for YA/YB.16.04

Gigabit Managed Ethernet Switch

Gigabit Managed Ethernet Switch

Switch Stacking ArubaOS Switch

HPE FlexFabric 12900E & 12900

Guest Management Software V2.0.2 Release Notes

HPE Moonshot ilo Chassis Management Firmware 1.52 Release Notes

HPE FlexFabric 5950 Switch Series

PSGS-2610F L2+ Managed GbE PoE Switch

AT-GS950/10PS Switch Web Interface User s Guide AT-S110 [ ]

Aruba Campus Switching

HPE FlexFabric 5940 Switch Series

AT-GS950/8. AT-GS950/8 Web Interface User Guide AT-S113 Version [ ] Gigabit Ethernet Switch Rev A

HPE ArubaOS-Switch Advanced Traffic Management Guide for WC.16.02

RA Release Notes

HPE FlexNetwork HSR6800 Routers

WLAN high availability

FGS-2616X L2+ Managed GbE Fiber Switches

HP Routing Switch Series

ArubaOS-Switch Software Feature Support Matrix KA/KB/RA/WB/WC/YC/YA-YB Switches (minimum firmware versions)

GS-2610G L2+ Managed GbE Switch

Aruba 2530 Management and Configuration Guide for ArubaOS- Switch 16.05

HP StoreVirtual Storage Multi-Site Configuration Guide

HPE StoreOnce 3.16.x Software Upgrade Guide

HP 6125 Blade Switch Series

HP 3600 v2 Switch Series

HP FlexFabric 5700 Switch Series

HP 5920 & 5900 Switch Series FAQ

HP 2920 Switches Software Version WB Release Notes

About the HP 830 Series PoE+ Unified Wired-WLAN Switch and HP 10500/ G Unified Wired-WLAN Module

About the Configuration Guides for HP Unified

24-Port: 20 x (100/1000M) SFP + 4 x Combo (10/100/1000T or 100/1000M SFP)

HP 6125 Blade Switch Series

HPE FlexFabric 7900 Switch Series

HPE ArubaOS-Switch IPv6 Configuration Guide YA/YB.16.02

ArubaOS-Switch Advanced Traffic Management Guide for WC.16.04

HP 6125G & 6125G/XG Blade Switches

HP Load Balancing Module

KB Release Notes

Management and Configuration Guide WB.16.01

HP 4200vl Switches Software Version L Release Notes

HPE PSR300-12A & PSR300-12D1

HP 2615 and 2915G Switches Software Version A Rev. B Release Notes

Management and Configuration Guide WB.15.18

HP 2920 Switches Software Version WB Release Notes

HP MSR Router Series. EVI Configuration Guide(V7) Part number: b Software version: CMW710-R0304 Document version: 6PW

HP Load Balancing Module

HP 2530 Switches Software Version YA Release Notes

BEST PRACTICE - NAC AUF ARUBA SWITCHES. Rollenbasierte Konzepte mit Aruba OS Switches in Verbindung mit ClearPass Vorstellung Mobile First Features

KB Release Notes

48-Port 10/100/1000BASE-T + 4-Port 100/1000BASE-X SFP Gigabit Managed Switch GS T4S

HPE StoreVirtual OS v13.5 Release Notes

AT-S41 Version 1.1.7C Management Software for the AT-8326GB and AT-8350GB Series Fast Ethernet Switches. Software Release Notes

Access Security Guide for YA/YB.16.01

GS-1626G Web Smart+ GbE Switch

HP 5820X & 5800 Switch Series IRF. Command Reference. Abstract

HP MSM3xx / MSM4xx APs v Release Notes

SAE-PE QSFP-NMS

HPE FlexNetwork MSR Router Series

Management Software AT-S101. User s Guide. For use with the AT-GS950/8POE Gigabit Ethernet WebSmart Switch. Version Rev.

ASIT-33018PFM. 18-Port Full Gigabit Managed PoE Switch (ASIT-33018PFM) 18-Port Full Gigabit Managed PoE Switch.

HP A5120 EI Switch Series IRF. Command Reference. Abstract

HPE BladeSystem Onboard Administrator Release Notes 4.70

Aruba 8320 Configuring ACLs and Classifier Policies Guide for ArubaOS- CX 10.00

HP VPN Firewall Appliances

Intelligent Provisioning 3.10 Release Notes

HP 2910al Switches Software Version W Release Notes

Intelligent Provisioning 3.00 Release Notes

Lenovo ThinkSystem NE Release Notes. For Lenovo Cloud Network Operating System 10.6

HP 5920 & 5900 Switch Series

HP 5500 HI Switch Series

Ethernet Routing Switch 4800 Series Software Release

HP 5300xl Switches Software Version E Release Notes

Transcription:

WC.16.04.0009 Release Notes Part Number: 5200-4368a Published: October 2017 Edition: 2

Copyright 2017 Hewlett Packard Enterprise Development LP Notices The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website. Acknowledgments Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Contents Chapter 1 WC.16.04.0009 Release Notes... 5 Description... 5 Important information... 5 Version history... 5 Products supported...6 Compatibility/interoperability... 7 Minimum supported software versions... 7 Enhancements... 8 Version WC.16.04.0009... 8 Authentication...8 OpenFlow... 8 Version WC.16.04.0008... 8 /31 Subnet Support... 8 40G QSFP+ BiDi Transceiver Support...8 Batch CLI command execution over REST Interface...9 CLI Commands over REST Interface...9 Connected Device Reporting... 9 Custom delimiter for MAC addresses...9 Device Profiles for custom device types...9 Downloadable User Roles...9 Enhanced Fan Status...9 IEEE 802.3bz Compliance... 9 Increase Subject length for the certificate... 10 IPv6 Default Gateway on OOBM port... 10 IPv6 Set Router Preference... 10 Per-user Tunneled Node... 10 QoS Custom Traffic Templates...10 Show Command for Trunk Bandwidth Utilization... 10 SNMPv3 Inform Alerts...10 Stacking support with REST APIs... 10 Version WC.16.04.0007...11 Version WC.16.04.0006...11 Version WC.16.04.0005...11 Version WC.16.04.0004...11 Hibernation Mode... 11 IEEE 1588...11 Fixes...11 Version WC.16.04.0009...11 Authentication...11 Central...12 DHCP... 12 DHCP Snooping... 12 OpenFlow... 12 Smart Link... 12 SNMP... 13 SSH... 13 Tunneled Node...13 Web UI...13 Version WC.16.04.0008... 13 Authentication...13 Contents 3

Central...13 Console... 14 LLDP... 14 OpenFlow... 14 OSPF...15 Private VLAN...15 RMON... 16 sflow... 16 Smart Link... 16 SSH... 16 Stacking...17 UDLD...17 Version WC.16.04.0007... 17 Version WC.16.04.0006... 17 Version WC.16.04.0005... 17 Version WC.16.04.0004... 17 CLI...17 Event Log... 18 LLDP... 18 Stacking...18 User Roles...18 Issues and workarounds... 18 Central...18 CR_0000237778... 18 MACsec...19 CR_0000232725... 19 Switch Initialization...19 CR_0000234294... 19 VSF... 19 CR_0000238068... 19 Upgrade information... 19 Chapter 2 Hewlett Packard Enterprise security policy... 21 Finding Security Bulletins...21 Security Bulletin subscription service...21 Chapter 3 Websites... 22 Chapter 4 Support and other resources... 23 Accessing Hewlett Packard Enterprise Support... 23 Accessing updates...23 Customer self repair...24 Remote support... 24 Warranty information...24 Regulatory information...25 Documentation feedback... 25 4 WC.16.04.0009 Release Notes

Chapter 1 WC.16.04.0009 Release Notes Description This release note covers software versions for the WC.16.04 branch of the software. Version WC.16.04.0004 is the initial build of Major version WC.16.04 software. WC.16.04.0004 includes all enhancements and fixes in the WC.16.03.0003 software, plus the additional enhancements and fixes in the WC. 16.04.0004 enhancements and fixes sections of this release note. Product series supported by this software: Aruba 2930F Switch Series Aruba 2930M Switch Series Important information To avoid damage to your equipment, do not interrupt power to the switch during a software update. Firmware downgrade to a version earlier than 16.04 will generate new SSH keys upon switch boot-up. These keys will be different than the ones previously stored in SSH peer's known hosts file and may result in SSH connectivity issues after the OS downgrade completes. You will need to erase the pre-existing switch keys from SSH peer's known hosts file to restore SSH connectivity. This issue will not be encountered when the option "StrictHostKeyChecking" is disabled in the SSH peer. For more information regarding clearing SSH keys and changing strict host key checking settings, see the documentation provided with your SSH client. Version history All released versions are fully supported by Hewlett Packard Enterprise, unless noted in the table. Version number Release date Based on Remarks WC.16.04.0009 2017-10-16 WC.16.04.0008 Released, fully supported, and posted on the web. WC.16.04.0008 2017-07-27 WC.16.04.0004 Released, fully supported, and posted on the web. WC.16.04.0007 n/a WC.16.04.0006 Never released. WC.16.04.0006 n/a WC.16.04.0005 Never released. WC.16.04.0005 n/a WC.16.04.0004 Never released. WC.16.04.0004 2017-03-15 WC.16.03.0003 Initial release of the WC.16.04.0004 software. Released, fully supported, and posted on the web. WC.16.03.0005 2017-07-07 WC.16.03.0004 Released, fully supported, and posted on the web. Table Continued Chapter 1 WC.16.04.0009 Release Notes 5

Version number Release date Based on Remarks WC.16.03.0004 2017-04-17 WC.16.03.0003 Released, fully supported, and posted on the web. WC.16.03.0003 2016-12-20 WC.16.02.0008 Initial release of the WB.16.03 branch. Released, fully supported, and posted on the web. WC.16.02.0014 2016-10-28 WC.16.02.0013 Please see the WC.16.02.0014 release notes for detailed information on the WC.16.02 branch. Released, fully supported, and posted on the web. WC.16.02.0013 n/a WC.16.02.0012 Never released. WC.16.02.0012 2016-08-31 WC.16.02.0011 Released, fully supported, and posted on the web. WC.16.02.0011 2016-08-24 WC.16.02.0010 Released, fully supported, and posted on the web. WC.16.02.0010 2016-08-11 WC.16.02.0009 Released, fully supported, and posted on the web. WC.16.02.0009 n/a WC.16.02.0008 Never released. WC.16.02.0008 2016-07-08 WC.16.02.0007 Released, fully supported, and posted on the web. WC.16.02.0007 n/a WC.16.02.0006 Never released. WC.16.02.0006 n/a WC.16.02.0005 Never released. WC.16.02.0005 n/a WC.16.02.0004 Never released. WC.16.02.0004 n/a WC.16.02.0003 Never released. WC.16.02.0003 2016-05-03 Initial release of the WC software. Released, fully supported, and posted on the web. Products supported This release applies to the following product models: Product number JL253A JL254A JL255A JL256A JL258A JL259A JL260A Description Aruba 2930F 24G 4SFP+ Switch Aruba 2930F 48G 4SFP+ Switch Aruba 2930F 24G PoE+ 4SFP+ Switch Aruba 2930F 48G PoE+ 4SFP+ Switch Aruba 2930F 8G PoE+ 2SFP+ Switch Aruba 2930F 24G 4SFP Switch Aruba 2930F 48G 4SFP Switch Table Continued 6 WC.16.04.0009 Release Notes

Product number JL261A JL262A JL263A JL264A JL319A JL320A JL321A JL322A JL323A JL324A Description Aruba 2930F 24G PoE+ 4SFP Switch Aruba 2930F 48G PoE+ 4SFP Switch Aruba 2930F 24G PoE+ 4SFP+ TAA-compliant Switch Aruba 2930F 48G PoE+ 4SFP+ TAA-compliant Switch Aruba 2930M 24G 1-slot Switch Aruba 2930M 24G PoE+ 1-slot Switch Aruba 2930M 48G 1-slot Switch Aruba 2930M 48G PoE+ 1-slot Switch Aruba 2930M 40G 8SR PoE+ 1-slot Switch Aruba 2930M 24SR PoE+ 1-slot Switch Compatibility/interoperability The switch web agent supports the following web browsers: Browser Internet Explorer Supported versions Edge 11 Chrome 53 52 Firefox 49 48 Safari (MacOS only) 10 9 Minimum supported software versions If your switch or module is not listed in the below table, it runs on all versions of the software. Chapter 1 WC.16.04.0009 Release Notes 7

Product number Product name Minimum software version JL078A JL083A JL308A Aruba 3810M/2930M 1-port QSFP+ 40GbE Module Aruba 3810M/2930M 4-port 100M/1G/10G SFP+ MACsec Module Aruba 40G QSFP+ LC Bidirectional 150m MMF 2-strand Transceiver WC.16.04.0004 WC.16.04.0004 WC.16.04.0008 JL323A Aruba 2930M 40G 8SR PoE+ 1-slot Switch WC.16.04.0008 JL324A Aruba 2930M 24SR PoE+ 1-slot Switch WC.16.04.0008 Enhancements This section lists enhancements added to this branch of the software. Software enhancements are listed in reverse-chronological order, with the newest on the top of the list. Unless otherwise noted, each software version listed includes all enhancements added in earlier versions. Version WC.16.04.0009 Authentication Added a new authentication option to pin Local-MAC and MAC-based authenticated clients and to allow them to remain authenticated when they become inactive, after the expiration of authentication log-off period. When mac pinning option is enabled on a port, it overrides the regular log-off period for authenticated clients. The option can be enabled using the following CLI command: aaa port-access local-mac <PORT-LIST> mac-pin aaa port-access mac-based <PORT-LIST> mac-pin OpenFlow Added a configuration option allowing you to specify the controller interface's source IP address used to establish a connection with the OpenFlow controller. controller-id <ID> ip <IPV4-ADDR> [port <PORT-NUM>] controller-interface vlan <VLAN-ID> source-ip <IPV4-ADDR> Version WC.16.04.0008 /31 Subnet Support On a point-to-point link, where there is no need for a broadcast address, this enhancement allows configuration of an IP address with prefix length of /31. This feature allows users to set the subnet mask to 255.255.255.254 and accepts a broadcast address as a valid IP address for a host on the network. For more information, see the ArubaOS-Switch Management and Configuration Guide and the ArubaOS-Switch Access Security Guide for your switch. 40G QSFP+ BiDi Transceiver Support Support for 40G BiDi QSFP+ transceiver (JL308A) has been added in 16.04 and will allow customers to use them on 2930M, 3810M and 5400R switches. For more information, see the ArubaOS-Switch Management and Configuration Guide for your switch. 8 WC.16.04.0009 Release Notes

Batch CLI command execution over REST Interface REST interface users may now choose to push a subset of the switch configuration in one go via the newly added 'CliBatchCommand' instead of using the individual REST APIs to configure features. If the configuration (in CLI format) of the switch is already known, this command can be leveraged for initial setup by executing the CLI commands in a single batch over the REST API. For more information, see the ArubaOS-Switch REST API Guide. CLI Commands over REST Interface As the ArubaOS-Switch software continues to add richer REST interface for programmatically managing the switch, there is a desire to execute configuration and show commands that are not currently supported by the REST interface for troubleshooting purposes. ArubaOS-Switch 16.04 introduces the 'CliCommand' interface that allows execution of most configuration commands, action commands, and show commands to help existing REST interface users expand the set of tools in their arsenal. For more information, see the ArubaOS-Switch REST API Guide. Connected Device Reporting Connected Device Reporting provides visibility to Central customers about wired devices connected to the switch. Central now has visibility into both authenticated as well as unauthenticated devices, helping customers understand the status of their current network. Central 2.3.6 is the minimum version required. Custom delimiter for MAC addresses Allows the switch to accept and display MAC addresses in a preferred delimiter format as a global setting. For more information, see the ArubaOS-Switch Access Security Guide for your switch. Device Profiles for custom device types This feature is an extension of the Device Profile feature which automatically applies a configuration from a set of pre-defined configurations to a port upon connection of a known device (like, an Aruba AP). The extension allows the automatic detection of new device types based on information in the LLDP TLV and allows configuration of new OUIs on the switch to recognize new types of devices. Administrators can use this feature for automatic assignment of configuration for devices that are not pre-defined on the switch. For more information, see the ArubaOS-Switch Management and Configuration Guide for your switch. Downloadable User Roles Downloadable User Roles is an extension to the User Roles feature introduced in 16.02 and allows ClearPass to assign a role to the client at the time of authentication. The policies associated with the role need to be configured on ClearPass which are then downloaded to the switch if they are not already present. This feature allows centralization of policy settings in ClearPass without having to set up each individual switch. The feature also interoperates with the newly introduced Per-User Tunneled Node and allows redirection of user traffic to the Aruba controller. ClearPass version 6.6.7 is the minimum version required. For more information, see the ArubaOS-Switch Management and Configuration Guide for your switch. Enhanced Fan Status The show system fans command shows the status of power supply fans, fans in the fan trays, and fans on the individual members of stacks depending on the context from which the command is issued. For more information, see the ArubaOS-Switch Management and Configuration Guide for your switch. IEEE 802.3bz Compliance Starting with 16.04, SmartRate (Multi-gigabit Ethernet) ports on all supported platforms will be 802.3bz compliant and will allow users to connect other 802.3bz devices at 2.5G and 5G speeds. SmartRate technology allows customers to reuse their existing cabling. This new feature also interoperates with SmartRate switches running Chapter 1 WC.16.04.0009 Release Notes 9

versions earlier than 16.04. For more information, see the ArubaOS-Switch Management and Configuration Guide for your switch. Increase Subject length for the certificate In the self-signed certificates, or in certificate signing requests created by the switch, the length of the subject name has been increased to accommodate the maximum values of the individual maximums of each of the attributes in the subject (Distinguished Name). For more information, see the ArubaOS-Switch Access Security Guide for your switch. IPv6 Default Gateway on OOBM port The option to allow setting of the default gateway for IPv6 on OOBM ports obviates the need to turn on neighbor discovery and helps simplify IPv6 rollouts in Campus Networks. For more information, see the ArubaOS-Switch Management and Configuration Guide for your switch. IPv6 Set Router Preference This feature extends the IPv6 Router Advertisement message to include router preference to help hosts choose the best default router for off-link destinations. For more information, see the ArubaOS-Switch Management and Configuration Guide for your switch. Per-user Tunneled Node 16.04 introduces a mechanism to tunnel user-specific traffic to clustered or standalone Aruba mobility controllers instead of tunneling traffic on a per-port basis. Per-user tunnels require AOS 8.1 or higher on the controller and requires that the User Roles feature on the switch be turned on. The flexibility provided by per-user tunnels can be used for applications such as traffic segmentation or isolation based while also helping enforce uniform policy for both wired and wireless clients. Per-user tunneled node also works with Downloadable User Roles, another feature introduced in 16.04, which allows ClearPass to dynamically allocate roles at the time of authentication and then have the traffic of that user tunneled to the controller for uniform policy application. For more information, see the ArubaOS-Switch Management and Configuration Guide for your switch. QoS Custom Traffic Templates This feature allows for remapping of 802.1p priorities to different queue than is what is assigned by default traffic templates on the switch. Users can create new templates based on the defaults and then modify the new templates to remap the 802.1p priorities to achieve the level of granularity required for the application. Show Command for Trunk Bandwidth Utilization The show interfaces trunk-utilization command shows the accumulated bandwidth statistics of the member ports since they were added to the trunk. The bandwidth utilization for the trunk is averaged over a 5- minute interval and displayed. For more information, see the ArubaOS-Switch Management and Configuration Guide for your switch. SNMPv3 Inform Alerts For applications where it is important for the receiver to not lose notifications from the switch, customers may now use SNMPv3 Inform alerts where they can configure a remote engine ID and acknowledge the notifications once they receive them. For more information, see the ArubaOS-Switch Management and Configuration Guide for your switch. Stacking support with REST APIs This release enables the management of stacks of switches (both backplane and frontplane) via REST APIs. Backplane stacks (2920, 2930M, 3810M) and front plane or VSF stacks (2930F and 5400R) can now be fully set 10 WC.16.04.0009 Release Notes

up and managed using the REST APIs. For more information, see the ArubaOS-Switch Management and Configuration Guide for your switch. Version WC.16.04.0007 Version WC.16.04.0007 was never released. Version WC.16.04.0006 Version WC.16.04.0006 was never released. Version WC.16.04.0005 Version WC.16.04.0005 was never released. Version WC.16.04.0004 Hibernation Mode Hibernation mode allows you to power down a switch, then power it up again at a predefined time. This allows dramatic power savings and increases security during the hibernation period. The hibernation period may be overridden via local console access. This feature is supported on standalone switches in a non-stacked environment. IEEE 1588 IEEE 1588v2 Transparent Clock with 1-step and end to end delay mode allows critical timing for some network applications. The purpose of IEEE 1588 (Precision Time Protocol) is to synchronize the time between different nodes on an Ethernet network. Fixes This section lists released builds that include fixes found in this branch of the software. Software fixes are listed in reverse-chronological order, with the newest on the top of the list. Unless otherwise noted, each software version listed includes all fixes added in earlier versions. The Symptom statement describes what a user might experience if this is seen on the network. The Scenario statement provides additional environment details and trigger summaries. When available, the Workaround statement provides a workaround to the issue for customers who decide not to update to this version of software. The number that precedes the fix description is used for tracking purposes. Version WC.16.04.0009 Authentication CR_0000235976 Symptom: Clients in guest VLAN (unauth-vid) are not reauthenticated. Scenario: When RADIUS server is not available for authentication, if the client is placed in guest VLAN (unauth-vid) and the port is not configured for reauthentication, the switch does not re-authenticate the client after the RADIUS server connectivity becomes available. Workaround: Do one of the following to resolve the issue: Chapter 1 WC.16.04.0009 Release Notes 11

1. Disable and re-enable the authentication port. 2. Configure re-authentication on the port ("reauth-period"). Central CR_0000236990 Symptom: Incorrect switch IP address is displayed in the Central UI. Scenario: When the switch is configured with multiple IP addresses on the uplink interface, the DeviceInfo and SystemInfo stats in the Central UI may report incorrect switch IP address info. DHCP CR_0000234234 Symptom: The switch may fail to obtain the IP address assigned from a DHCP Server. Scenario: When a DHCP Server sends the DHCP OFFER messages with destination IP address set to 0.0.0.0 destined to the switch's DHCP client, the switch drops the DHCP packet and fails to assign the IP address to its VLAN. DHCP Snooping CR_0000230898 Symptom: DHCP Snooping RMON messages intended for unicast client packets are incorrectly displayed for broadcast client packets. Scenario: When DHCP Snooping is enabled globally and on a VLAN, if there is no trusted port or IP helper address configured on the VLAN, the switch logs incorrect event messages: dhcp-snoop: backplane: Client packet destined to untrusted port dropped dhcp-snoop: backplane: Ceasing untrusted port destination logs for 5m New event messages were added for broadcast client packets: dhcp-snoop: backplane: Client broadcast packet on <PORT-NUM> dropped, as neither trusted port nor DHCP Relay configured on <VLAN-ID> dhcp-snoop: backplane: Ceasing client broadcast packet drop logs for 5m. OpenFlow CR_0000232219 Symptom: The switch fails to forward packets using a custom OpenFlow pipeline with set-field. Scenario: When a packet is matching an OpenFlow rule with pop_vlan + set-field action on one table, if it also matches a rule with output action on the next table, the switch fails to forward the packet to the OpenFlow pipeline. Workaround: Attach pop_vlan action with the output action on the next table instead of a pop_vlan + set-field + goto. Smart Link CR_0000235633 Symptom: Standby Smart Link ports do not become active even if the active port goes down when one member is powered off. Scenario: In a switch stack with non-consecutive Smart Link ports, if one member is powered off, the other nonconsecutive ports also go down. Workaround: Configure Smart Link ports as consecutive ports. 12 WC.16.04.0009 Release Notes

SNMP CR_0000237141 Symptom: SNMPv3 target address configured parameters are not displayed in the switch running configuration. Scenario: When SNMPv3 is configured with target parameters using the CLI command snmpv3 targetaddress <ASCII-STR> params <ASCII-STR>, the parameters are not displayed in the output of CLI command show running-config. Workaround: Use the CLI command show snmpv3 targetaddress to display target configured parameters. SSH CR_0000236513 Symptom: Switch may crash with an error message similar to Health Monitor: Invalid Instr Misaligned Mem Access <...> Task='tWatchD'. Scenario: When the SSH public-keys are installed without comments using the switch OS version xx.15.17.xxxx or older and the switch is upgraded to a newer OS version, the switch may crash when issuing the CLI command show crypto client-public-key. Workaround: Install all SSH public keys with comments section or remove all SSH public keys installed without comments before upgrading the switch to a newer OS version. Tunneled Node CR_0000236493 Symptom: Switch may stop forwarding user traffic over the user tunnel node. Scenario: When switch is configured with the user tunnel nodes, it may intermittently stop forwarding traffic over the user tunnel node. Workaround: Disable and enable tunnel nodes using the CLI command [no] tunneled-node-server enable. Web UI CR_0000234086 Symptom/Scenario: The Save button for Port Security configuration modifications is missing in the NextGen WebUI. Workaround: Use CLI command to make changes to an existing Port Security configuration. Version WC.16.04.0008 Authentication CR_0000232197 Symptom: The switch may delay the request for authentication credentials. Scenario: When accessing telnet and console session, the switch prompts for authentication credentials with a slight delay. Workaround: Use SSH to access the switch to get the prompt for authentication credentials immediately. Central CR_0000233323 Symptom/Scenario: When a switch configuration is pushed via Aruba Central, the configuration may not be entirely pushed to the switch, resulting in an incomplete or truncated switch configuration. Chapter 1 WC.16.04.0009 Release Notes 13

Console CR_0000230819 Symptom: The switch console may become unresponsive. Scenario: When disconnecting the console session, connected to a standby or member switch of a stack, using ESC + ~, the console may not disconnect properly and become unresponsive causing the respective stack member to crash with an error message similar to Software exception at multmgmtutil.c:141 -- in 'mloopptx' <...>. LLDP CR_0000232922 Symptom: The switch reports an incorrect error message when it fails to configure the loopback interface IP address for LLDP advertisements. Scenario: When attempting to configure the loopback interface IP address for LLDP advertisements, the switch displays an incorrect error message: This IP address is not configured or is a DHCP address Instead, the following error message should be displayed: This IP address is not configured or is a DHCP/Loopback address Workaround: Configure a statically assigned VLAN IP address for LLDP advertisements. OpenFlow CR_0000229081 Symptom: OpenFlow flow statistics counters may reset to zero and fail to increment after that. Scenario: Packet count in the flow statistics reported in the CLI command show openflow instance <name> flows may stop incrementing. OpenFlow flows may fail to age out and the hard/idle timeout for the affected flows may not expire. Workaround: Disable and re-enable OpenFlow instance state. CR_0000229141 Added support for 'stats' flag in OpenFlow meter. The switch advertises OFPMF_STATS as a configurable flag when creating/modifying a meter. You are now able to get the meter statistics using the multipart message for any configured meter. With the added support of STATS, the users will be able to query the statistics only if the STATS flag is configured along with the KBPS/PKTPS flags. Users will no longer be able to query the statistics without STATS. CR_0000229248 Symptom: OpenFlow traffic may not be sent to the correct priority queue. Scenario: OpenFlow traffic with DSCP priority remarked by the configured traffic meter is sent to the default priority queue, instead of the remarked priority queue. CR_0000229987 Symptom: OpenFlow may not be forwarding LLDP and CDP traffic to the specified port. Scenario: LLDP and CDP traffic on OpenFlow enabled VLANs may not be properly redirected to the OpenFlow port. CR_0000233449 Symptom: The output of CLI command show openflow instance <inst_name> flow-table may be incomplete. 14 WC.16.04.0009 Release Notes

Scenario: When using OpenFlow instance with custom pipeline model on a stack commander with more than 4 members or on a switch chassis with more than 10 slots, the output of the CLI command show openflow instance <inst_name> flow-table may be incomplete. Example from a chassis with slots A-L populated: HP-Switch-5412Rzl2# show openflow instance a flow-table OpenFlow Instance Flow Table Information Table Flow Miss ID Table Name Count Count Goto Table ----- --------------------- -------- ------------- ------------- 0 Custom L2 Src 1 688 1, 2, 3 1 Custom L2 Dst 1 0 2, 3 2 Custom L3 Table 1 0 3 3 Custom TCAM Table 1 0 * Table ID Table Name Available Free Flow Count ----- --------------------- ------------------------------ 0 Custom L2 Src Slot A : 7372 Slot B : 7372 Slot C : 7372 Slot D : 7372 Slot E : 7372 Slot F : 7372 Slot G : 7372 Slot H : 7372 Slot I : 7372 Slot J : 7 1 Custom L2 Dst Slot A : 6144 Slot B : 6144 Slot C : 6144 Slot D : 6144 Slot E : 6144 Slot F : 6144 Slot G : 6144 Slot H : 6144 Slot I : 6144 Slot J : 6... OSPF CR_0000230472 Symptom: OSPF interface authentication may fail. Scenario: After a switch reboot, the OSPF authentication may fail when it is set to md5-auth-key-chain and encrypt-credentials is enabled on only one peer. Workaround: Enable encrypt-credentials on both OSPF peers and reboot. Private VLAN CR_0000233782 Symptom: The switch may not properly forward traffic to the promiscuous port in the private VLAN. Chapter 1 WC.16.04.0009 Release Notes 15

When there is a client connected on a security enabled port and the port is an access port of the secondary VLAN, the client is not able to reach the router connected on the promiscuous port. Scenario: In a private VLAN configuration, when using security enabled VLAN (for example, radius assigned attributes) on the secondary VLAN, the switch may fail to forward traffic from authenticated client to the promiscuous port. Workaround: Disable security on the access port. CR_0000234099 Symptom: The switch may not properly move a client's MAC address from one port to another. Scenario: In a private VLAN, when a client moves from one access port to another on the same secondary VLAN across the ISL, the switch may not correctly move the client's MAC address to the new access port. The MAC will clear when MAC age time expires, allowing the MAC address to be re-learned on the new port. Workaround: Manually clear the MAC address from CLI to allow immediate MAC address re-learning on the new port. RMON CR_0000230643 Symptom: The switch may generate false RMON alarm traps. Scenario: After an uptime of over 500 days, the switch may generate false RMON alarm traps for the monitored MIB objects. sflow CR_0000228486 Symptom: sflow displays invalid levels of dropped samples. Scenario: When using trunk interfaces, sflow is incorrectly calculating the levels of dropped samples displayed in the output of the CLI command show sflow <INSTANCE> sampling-polling. Smart Link CR_0000229453 Symptom: The switch may fail to forward traffic on ports with Smart Link enabled. Scenario: When changing the Spanning Tree mode or the port status of the Spanning Tree enabled ports, the Smart Link enabled ports may stop forwarding the traffic. Workaround: Disable and re-enable the affected Smart Link enabled ports. CR_0000233339 Symptom: The Smart Link port might flood VLAN traffic even though it is not a member of that VLAN. Scenario: When the switch is configured with Smart Links and multiple VLANs, VLAN traffic is sent on Smart Link ports that are not a member of those VLANs. Workaround: No workaround. Remove the Smart Link port configuration to avoid this issue. SSH CR_0000229176 Symptom: Unable to access switch via SSH. Scenario: When using raw console terminal (console terminal none) with message of the day banner configured (banner motd) and SSH session to the switch may fail with the error message Session terminated, unable to login. 16 WC.16.04.0009 Release Notes

Workaround: Configure console ANSI or VT100 console terminal or disable message of the day banner. CR_0000232500 Symptom: Switch fails to authenticate an SSH client using keyboard-interactive method. Scenario: When the switch access is enabled for SSH public key authentication (for example, aaa authentication ssh login public-key), if the SSH client fails to authenticate using client private key for N-1 configured number of authentication attempts (for example, aaa authentication num-attempts N), the switch does not failover to authenticate the client using keyboard-interactive method. The switch causes the client authentication to fail with an error message similar to Too many authentication failures, even when one more attempt is available. Stacking CR_0000229617 Symptom: In certain conditions, VSF stacking may not be working properly over LLDP-MAD. Scenario: In a VSF setup with LLDP MAD enabled, if a stack-split occurs following a redundancy switchover and change in stack commander-standby roles, both stack fragments may become ACTIVE. Workaround: UDLD CR_0000229788 Symptom: In a redundant configuration, the switch may stop forwarding traffic on LACP aggregated ports. Scenario: In a redundant configuration with Spanning Tree enabled, when multiple redundancy switchover events occur, the switch may fail to forward traffic over an LACP trunk which has UDLD enabled in "verify-then-forward" mode. Workaround: Disable and re-enable Spanning Tree. Alternatively, disable and re-enable the affected port. Version WC.16.04.0007 Version WC.16.04.0007 was never released. Version WC.16.04.0006 Version WC.16.04.0006 was never released. Version WC.16.04.0005 Version WC.16.04.0005 was never released. Version WC.16.04.0004 CLI CR_0000223941 Symptom: The terminal command line is not working properly after terminating a session to the switch. Scenario: After a VT100 terminal session to the switch is terminated, the terminal line wrap-around configuration is disabled. Workaround: Re-enable "line-wrap" mode via SNMP command setmib hpicfprivatetermlinewrap.0 -i 6 followed by configuration save and reboot. Chapter 1 WC.16.04.0009 Release Notes 17

Event Log CR_0000225392 Symptom: The proper event log message is not generated when a port is blocked due to a link failure detection protocol. Scenario: When a port is configured for Device Link Detection Protocol (DLDP) or Uni-directional Link Detection (UDLD) and a link failure is detected, the switch fails to log corresponding event log messages similar to: 00435 ports: port <NUM> is Blocked by DLDP 00435 ports: port <NUM> is Blocked by UDLD LLDP CR_0000226106 Symptom: The switch does not transmit LLDP packets. Scenario: The switch no longer transmits LLDP packets on the port after it is configured for AAA port-access authentication. Stacking CR_0000197626 Symptom: A stack might fail to split according to the configured split policy. Scenario: In a 2-member stack configuration, when the OOBM interface is configured for dynamic DHCP IP address, a stack might fail to split according to the configured split policy. Workaround: Configure any of the OOBM interfaces with static assigned IP address. User Roles CR_0000227939 Symptom: In certain scenarios, the switch may no longer authenticate a client on a port. Scenario: When there is a redundant port configuration, through the switch static tagged VLAN configuration as well as assigned through user-role from authentication profiles, if a user fails an 802.1x re-authentication due to invalid credentials, the port may end up in an invalid and corrupt VLAN configuration state. This will prevent further user authentications on the port. Workaround: Remove any redundant static tagged VLAN configuration on a port if the same VLAN is also part of any user-role. Issues and workarounds The following are known open issues with this branch of the software. The Symptom statement describes what a user might experience if this is seen on the network. The Scenario statement provides additional environment details and trigger summaries. When available, the Workaround statement provides a workaround to the issue. Central CR_0000237778 Symptom: Login to switch from Central Remote Console System (RCS) may fail. Scenario: When the switch is configured with local authentication as well as RADIUS/TACACS authentication and the local user credentials are not provisioned in RADIUS/TACACS, Central RCS authentication fails. Workaround: Add local user credentials to RADIUS/TACACS server. 18 WC.16.04.0009 Release Notes

MACsec CR_0000232725 Symptom: The switch may fail to forward traffic controlled by MACSec policies. Scenario: When using MACSec policy applied to multi-gigabit (1, 2.5, 5, 10 Gbps Smart Rate) ports with includesci-tag option disabled (no include-sci-tag), the switch may fail to forward the traffic. Workaround: Avoid using MACSec policies with include-sci-tag option disabled when applied to Smart Rate ports. Switch Initialization CR_0000234294 Symptom: The switch may have a delay when recovering from hibernation mode. Scenario: When the switch is in hibernation mode for a specified interval, the switch may power up at a later time than the configured hibernation period. Workaround: To power up the switch, press the Mode button on the front panel or cycle power. VSF CR_0000238068 Symptom: The switch fails to form a VSF stack when using a 1G connection for a VSF switch link. Scenario: The switch fails to form the VSF stack when the VSF link is configured for a 1G interface. The standby switch reboot process triggered by the stack role election process hangs at "Initializing "., while the commander switch reports a warning event log message similar to: I 01/01/90 00:04:00 03279 stacking: ST1-CMDR: Member 2 (941882-11c860) chosen as standby. Reason: Only available standby W 01/01/90 00:06:03 03838 chassis: ST1-CMDR: Co-Processor failed to boot. Timeout reached: System initialization failure Workaround: Configure the VSF link on 10G interfaces. Upgrade information Upgrading restrictions and guidelines WC.16.04.0009 uses BootROM WC.16.01.0003 when running on 2930F switches and BootROM WC.17.02.0003 when running on 2930M switches. If your switch has an older version of BootROM, the BootROM will be updated with this version of software. For more information about BootROM, see the ArubaOS-Switch Management and Configuration Guide WC. 16.04. During the software update, the switch will automatically boot twice. The switch will update the primary BootROM, then reboot, and then update the secondary BootROM. After the switch flash memory is updated and the final boot is initiated, no additional user intervention is needed. Do not interrupt power to the switch during this important update. Firmware downgrade to a version earlier than 16.04 will generate new SSH keys upon switch boot-up. These keys will be different than the ones previously stored in SSH peer's known hosts file and may result in SSH connectivity issues after the OS downgrade completes. You will need to erase the pre-existing switch keys from SSH peer's known hosts file to restore SSH connectivity. Chapter 1 WC.16.04.0009 Release Notes 19

This issue will not be encountered when the option "StrictHostKeyChecking" is disabled in the SSH peer. For more information regarding clearing SSH keys and changing strict host key checking settings, see the documentation provided with your SSH client. For information on best practices when updating software or rolling back to previous versions of software, see the "Best practices for software updates" section of the ArubaOS-Switch Basic Operations Guide Version 16.04. 20 WC.16.04.0009 Release Notes

Chapter 2 Hewlett Packard Enterprise security policy A Security Bulletin is the first published notification of security vulnerabilities and is the only communication vehicle for security vulnerabilities. Fixes for security vulnerabilities are not documented in manuals, release notes, or other forms of product documentation. A Security Bulletin is released when all vulnerable products still in support life have publicly available images that contain the fix for the security vulnerability. Finding Security Bulletins Procedure 1. Go to the HPE Support Center - Hewlett Packard Enterprise at www.hpe.com/support/hpesc. 2. Enter your product name or number and click Go. 3. Select your product from the list of results. 4. Click the Top issues & solutions tab. 5. Click the Advisories, bulletins & notices link. Security Bulletin subscription service You can sign up at http://www.hpe.com/support/subscriber_choice to initiate a subscription to receive future Hewlett Packard Enterprise Security Bulletin alerts via email. Chapter 2 Hewlett Packard Enterprise security policy 21

Chapter 3 Websites Networking Websites Hewlett Packard Enterprise Networking Information Library www.hpe.com/networking/resourcefinder Hewlett Packard Enterprise Networking Software www.hpe.com/networking/software Hewlett Packard Enterprise Networking website www.hpe.com/info/networking Hewlett Packard Enterprise My Networking website www.hpe.com/networking/support Hewlett Packard Enterprise My Networking Portal www.hpe.com/networking/mynetworking Hewlett Packard Enterprise Networking Warranty www.hpe.com/networking/warranty General websites Hewlett Packard Enterprise Information Library www.hpe.com/info/eil For additional websites, see Support and other resources. 22 WC.16.04.0009 Release Notes

Chapter 4 Support and other resources Accessing Hewlett Packard Enterprise Support For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: http://www.hpe.com/assistance To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: http://www.hpe.com/support/hpesc Information to collect Technical support registration number (if applicable) Product name, model or version, and serial number Operating system name and version Firmware version Error messages Product-specific reports and logs Add-on products or components Third-party products or components Accessing updates Some software products provide a mechanism for accessing software updates through the product interface. Review your product documentation to identify the recommended software update method. To download product updates: Hewlett Packard Enterprise Support Center www.hpe.com/support/hpesc Hewlett Packard Enterprise Support Center: Software downloads www.hpe.com/support/downloads Software Depot www.hpe.com/support/softwaredepot To subscribe to enewsletters and alerts: www.hpe.com/support/e-updates To view and update your entitlements, and to link your contracts and warranties with your profile, go to the Hewlett Packard Enterprise Support Center More Information on Access to Support Materials page: www.hpe.com/support/accesstosupportmaterials Chapter 4 Support and other resources 23

Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center. You must have an HPE Passport set up with relevant entitlements. Customer self repair Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at your convenience. Some parts do not qualify for CSR. Your Hewlett Packard Enterprise authorized service provider will determine whether a repair can be accomplished by CSR. For more information about CSR, contact your local service provider or go to the CSR website: http://www.hpe.com/support/selfrepair Remote support Remote support is available with supported devices as part of your warranty or contractual support agreement. It provides intelligent event diagnosis, and automatic, secure submission of hardware event notifications to Hewlett Packard Enterprise, which will initiate a fast and accurate resolution based on your product's service level. Hewlett Packard Enterprise strongly recommends that you register your device for remote support. If your product includes additional remote support details, use search to locate that information. Remote support and Proactive Care information HPE Get Connected www.hpe.com/services/getconnected HPE Proactive Care services www.hpe.com/services/proactivecare HPE Proactive Care service: Supported products list www.hpe.com/services/proactivecaresupportedproducts HPE Proactive Care advanced service: Supported products list www.hpe.com/services/proactivecareadvancedsupportedproducts Proactive Care customer information Proactive Care central www.hpe.com/services/proactivecarecentral Proactive Care service activation www.hpe.com/services/proactivecarecentralgetstarted Warranty information To view the warranty for your product or to view the Safety and Compliance Information for Server, Storage, Power, Networking, and Rack Products reference document, go to the Enterprise Safety and Compliance website: www.hpe.com/support/safety-compliance-enterpriseproducts Additional warranty information HPE ProLiant and x86 Servers and Options www.hpe.com/support/proliantservers-warranties HPE Enterprise Servers www.hpe.com/support/enterpriseservers-warranties 24 WC.16.04.0009 Release Notes

HPE Storage Products www.hpe.com/support/storage-warranties HPE Networking Products www.hpe.com/support/networking-warranties Regulatory information To view the regulatory information for your product, view the Safety and Compliance Information for Server, Storage, Power, Networking, and Rack Products, available at the Hewlett Packard Enterprise Support Center: www.hpe.com/support/safety-compliance-enterpriseproducts Additional regulatory information Hewlett Packard Enterprise is committed to providing our customers with information about the chemical substances in our products as needed to comply with legal requirements such as REACH (Regulation EC No 1907/2006 of the European Parliament and the Council). A chemical information report for this product can be found at: www.hpe.com/info/reach For Hewlett Packard Enterprise product environmental and safety information and compliance data, including RoHS and REACH, see: www.hpe.com/info/ecodata For Hewlett Packard Enterprise environmental information, including company programs, product recycling, and energy efficiency, see: www.hpe.com/info/environment Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page. Chapter 4 Support and other resources 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback